﻿<?php
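// Where the browser is sent after a successful delete.
$edit_url	=	"?act=list_user";

// Delete flow: the first request shows a confirmation form, and the POST of that form removes the row.
// NOTE(review): where $del_id is populated cannot be seen from this file, so it is treated as untrusted.
// NOTE(review): the confirmation POST carries no anti-CSRF token; confirm whether
// acp_check_permission() or the including script covers that.
if (!empty($del_id)) {
	acp_check_permission('del_user');
	// user_id is handled as a number in the edit branch of this file (is_numeric()), so the
	// value is forced to an integer before it reaches the SQL string instead of being spliced in raw.
	$delete_id	=	(int) $del_id;
	// !empty() keeps the original truthiness test without reading an undefined index on the first (GET) request.
	if (!empty($_POST['submit'])) {
		$mysql->query("DELETE FROM ".$tb_prefix."user WHERE user_id = '".$delete_id."'");
		echo "Ðã xóa xong <meta http-equiv='refresh' content='0;url=".$edit_url."'>";
		exit();
	}
	// Confirmation form. PHP is re-entered with the full opening tag so the page does not depend on short_open_tag.
	?><table align=center><form method="post">Bạn có muốn xóa không ??????<br><center><input value="Có" name=submit type=submit class=submit></center></form></table><?php
}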
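// Edit flow: loads one user row for templates/user.html and, when the form is submitted,
// writes the posted fields back to that row.
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether
// acp_check_permission() or the including script covers that.
if($mode == 'edit') {
	acp_check_permission('edit_user');
	// A missing or non-numeric id used to fall through to num_rows() on an undefined $query.
	// Stop here with the same "not found" message instead.
	if(!isset($id) || !is_numeric($id)) {
		die("User chưa có trong data");
	}
	// Integer copy used for SQL and URLs, so that strings which merely pass is_numeric()
	// are never spliced into a statement as text. $id itself is left untouched for the template.
	$edit_id	=	(int) $id;
	$sql	=	"SELECT * FROM ".$tb_prefix."user WHERE user_id = ".$edit_id;
	$query	=	$mysql->query($sql);
	if(!$mysql->num_rows($query)) {
		die("User chưa có trong data");
	}
	$row =	$mysql->fetch_array($query);
	// Current values, exposed under the names the original code set before including the template.
	$user_ID		=	$row['user_id'];
	$user_NAME		=	$row['user_name'];
	$user_EMAIL		=	$row['user_email'];
	$user_LEVEL		=	$row['user_level'];
	$user_SEX		=	$row['user_sex'];
	$user_fullname	=	$row['user_fullname'];
	$user_ym		=	$row['user_ym'];
	$user_signature	=	$row['user_signature'];
	$action			=	"?act=user&mode=edit&id=".$edit_id;
	if(isset($_POST['submit'])) {
		// Read each expected field once; a missing or non-string (array) field becomes ''.
		$posted	=	array();
		foreach (array('name', 'email', 'password', 'level', 'sex', 'fullname', 'ym', 'signature') as $field) {
			$posted[$field]	=	(isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		}
		$name		=	$posted['name'];
		$email		=	$posted['email'];
		// An empty password field means "keep the stored hash".
		if(!$posted['password']) {
			$password = $row['user_password'];
		}
		else {
			// NOTE(review): md5() is a fast, unsalted hash and is not suitable for passwords.
			// Moving to password_hash()/password_verify() has to happen together with the
			// login code that checks user_password, which is outside this file.
			$password	=	md5($posted['password']);
		}
		// NOTE(review): user_level comes straight from the form; confirm that holding
		// 'edit_user' is meant to allow assigning any level.
		$level		=	$posted['level'];
		$sex		=	$posted['sex'];
		$fullname	=	$posted['fullname'];
		$ym			=	$posted['ym'];
		$signature	=	$posted['signature'];
		// Every value is escaped before it is placed between quotes in the statement.
		// addslashes() is a stopgap: it is not connection- or charset-aware. Prefer prepared
		// statements or the $mysql wrapper's own escaping once that API is confirmed
		// (it is not visible in this file).
		// NOTE(review): on PHP < 5.4 with magic_quotes_gpc enabled the input arrives
		// pre-slashed and would be escaped twice; confirm the target runtime.
		$mysql->query("UPDATE ".$tb_prefix."user SET
			user_name			=  	'".addslashes($name)."',
			user_email 			= 	'".addslashes($email)."',
			user_password		= 	'".addslashes($password)."',
			user_level			=	'".addslashes($level)."',
			user_fullname 		= 	'".addslashes($fullname)."',
			user_ym				= 	'".addslashes($ym)."',
			user_signature		=	'".addslashes($signature)."',
			user_sex			=	'".addslashes($sex)."' WHERE user_id = '".$edit_id."'");
		// Reload the parent frame on the edit page; $edit_id is an integer, so it is safe inside the script string.
		echo "<script language='JavaScript'>{ window.parent.location='?act=user&mode=edit&id=".$edit_id."' }</script>";
	}
	include("templates/user.html");
}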
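// Add flow: shows templates/user.html and, when the form is submitted, inserts a new user row.
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether
// acp_check_permission() or the including script covers that.
if($mode == 'add') {
	acp_check_permission('add_user');
	if(isset($_POST['submit'])) {
		// Read each expected field once; a missing or non-string (array) field becomes ''.
		$posted	=	array();
		foreach (array('name', 'email', 'password', 'level', 'sex', 'fullname', 'ym', 'signature') as $field) {
			$posted[$field]	=	(isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		}
		$name		=	$posted['name'];
		$email		=	$posted['email'];
		// NOTE(review): md5() is a fast, unsalted hash and is not suitable for passwords.
		// Moving to password_hash()/password_verify() has to happen together with the
		// login code that checks user_password, which is outside this file.
		// NOTE(review): an empty password is accepted and stored as md5(''); consider
		// rejecting it before the INSERT.
		$password	=	md5($posted['password']);
		// NOTE(review): user_level comes straight from the form; confirm that holding
		// 'add_user' is meant to allow creating accounts at any level.
		$level		=	$posted['level'];
		$sex		=	$posted['sex'];
		$fullname	=	$posted['fullname'];
		$ym			=	$posted['ym'];
		$signature	=	$posted['signature'];
		// NOTE(review): $action is only set on submit, so the template sees no $action on
		// the first render; verify against templates/user.html.
		$action		 = "?act=user&mode=add";
		// Every value is escaped before it is placed between quotes in the statement.
		// addslashes() is a stopgap: it is not connection- or charset-aware. Prefer prepared
		// statements or the $mysql wrapper's own escaping once that API is confirmed
		// (it is not visible in this file).
		// NOTE(review): on PHP < 5.4 with magic_quotes_gpc enabled the input arrives
		// pre-slashed and would be escaped twice; confirm the target runtime.
		$mysql->query("INSERT INTO ".$tb_prefix."user (user_name,user_email,user_password,user_level,user_sex,user_fullname,user_ym,user_signature) 
						 VALUES ('".addslashes($name)."','".addslashes($email)."','".addslashes($password)."','".addslashes($level)."','".addslashes($sex)."','".addslashes($fullname)."','".addslashes($ym)."','".addslashes($signature)."')");
		// Send the parent frame back to the user list once the row is written.
		echo "<script language='JavaScript'>{ window.parent.location='?act=list_user' }</script>";
	}
	include("templates/user.html");
}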


?>